Ireland AWM Regulatory Update | A

Ireland AWM Regulatory Update

November 2019 – January 2020

B | Ireland AWM Regulatory Update

Ireland AWM Regulatory Update | 01

Table of Contents

The Irish Funds Industry in Numbers – December 2019 02

AWM Regulatory Landscape: November 2019 – January 2020 03

Innovation & Technology – Latest Developments 10

PwC & Artificial Intelligence – AI You Can Trust 13

Central Bank of Ireland Supervision – Latest Developments 15

Upcoming Deadlines 17

PwC Asset & Wealth Management Credentials 18

Our Team 20

02 | Ireland AWM Regulatory Update

The Irish funds industry in numbers – December 2019

€5.2tnTotal assets under administration in Ireland

€204bnNet sales of domiciled funds in 2019 YTD (Q3)

61%Ireland’s share of European ETFs

€3.0tnTotal domiciled funds in Ireland

40%Percentage of hedge funds that Ireland services

€2.3tnNet assets of UCITS in Ireland

€2.2tnTotal non-domiciled funds in Ireland

7,707Number of funds domiciled in Ireland

€732bnNet assets of AIFs in Ireland

Source: Irish Funds – Industry Statistics: December 2019

Source: EFAMA – International Statistical Report Q3 2019

Source: Central Bank of Ireland – Monthly Fund Data: December 2019

Ireland AWM Regulatory Update | 03

AWM regulatory landscape: November 2019 – January 2020

Anti-Money Laundering (‘AML’) – European Union (Money Laundering and Terrorist Financing) Regulations 2019 [S.I. No. 578 of 2019]

On 26 November 2019, the Government of Ireland (‘GoI’) published the European Union (Money Laundering and Terrorist Financing) Regulations 2019 (‘the Regulations’). The Regulations amend the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (‘CJA’). There are four key areas covered in the legislation;

• (i) Risk-Based Supervision – competent authorities should apply a risk-based approach in relation to supervision, and make sure that officers and employees have access to relevant information on money laundering and terrorist financing. There is also information in the text related to how supervision activities should be carried out by competent authorities.

• (ii) Co-operation with Anti-Money Laundering (‘AML’) supervisors in other Member States – competent authorities who supervise designated persons are subject to additional requirements. In order to ensure the effective supervision of designated persons, such authorities must co-operate with competent authorities in other member states.

• (iii) Procedures to facilitate internal reporting within designated persons – designated persons must have appropriate procedures established for their staff to report any contraventions related to financial activities or under the CJA via an anonymous channel. Furthermore, designated persons must decide who in the organisation will be given access to and training on the relevant reporting procedures. Outsourcing arrangements and training programmes will need to be considered and possibly updated to reflect the new requirements.

• (iv) Criminal offence for failure to disclose conviction under the CJA – it is a criminal offence for failing to inform a competent authority where certain persons are convicted of offences related to financial activities or under the CJA. The competent authority that such contraventions must be reported to are the Law Society (for solicitors), and the Central Bank of Ireland (‘CBI’) (for financial service providers).

The Legislation is available here.

Auditing & Accounting – IAASA Publishes its 2020 – 2022 Work Programme

On 18 November 2019, the Irish Auditing and Accounting Supervisory Authority (‘IAASA’) released its Work Programme for the period 2020-2022. The document gives an overview of the key areas of IAASA within two key areas.

• (i) Strands: there are three key strands which each have integrated detailed strategies per the Work Programme. These strands are regulation, the promotion of high standards, and the maximisation of IAASA’s impact.

• (ii) Enablers: there are six key enabler groups that work together to support the IAASA strategies linked into the strands. The enablers consist of stakeholders, people, financial resources, technology, government, and peers.

The next three years will be a key period for IAASA, as it starts publishing the results of its Public Interest Entity audit firm inspections, and when its Conduct Unit comes fully on stream. The Work Programme will guide IAASA, its staff, and its Board until 2022.

The Programme is available here.

Auditing & Accounting – European Union (Qualifying Partnerships: Accounting and Auditing) Regulations 2019 [S.I. No. 597 of 2019]

On 10 December 2019, the Government of Ireland (‘GoI’) released the European Union (Qualifying Partnerships: Accounting and Auditing) Regulations 2019 (‘the Regulations’). The purpose of which is to give further effect to the transposed provisions of Directive 2013/34/EU of the European Parliament and of the Council of 26 June 2013. The Regulations revoke the European Communities (Accounts) Regulations 1993 (S.I. 396 of 1996) and amend the Companies Act 2014.

The key updates from the legislative document are as follows;

• (i) Members of qualifying partnerships are required to apply Parts 6 & 26 of the Companies Act 2014 to the partnership.

04 | Ireland AWM Regulatory Update

AWM regulatory landscape: November 2019 – January 2020

• (ii) Details concerning corporate governance statements to be prepared in the form of a separate report in the event that a qualifying partnership has debentures admitted to trading on a regulated market.

• (iii) The European Union (Disclosure of Non-Financial and Diversity Information by certain large undertakings and groups) Regulations 2017 (S.I. No. 360 of 2017) will apply in the event that a qualifying partnership is in scope.

• (iv) Breaches of the regulation will result in fines of up to €50,000 or a prison term of up to three years.

The Legislation is available here.

Brexit – Brexit FAQ – Financial Services Firms (Updated 29 January 2020)

On 30 January 2019, the Central Bank of Ireland (‘CBI’) released its updated Brexit FAQ for financial services firms. The purpose of the document is to provide general information to firms who are considering relocating operations from the UK to Ireland. This update contains five changes from the previous update on 3 October 2019, all relating to the removal of text from the FAQ document.

• (i) Text has been removed relating to UK-based firms in Ireland/ branches of UK entities in Ireland, which previously warned firms that late applications for authorisation in Ireland were unlikely to be approved in time before the Brexit deadline, and that these firms would no longer be able to provide financial services to customers.

• (ii) A portion of text has been deleted which previously directed users to specific areas of the CBI website for more detailed information on the application process and related timeline broken down by sector, e.g. credit institutions, Markets in Financial Instruments Directive (‘MiFID’) investment firms, fund service providers, e-money institutions, etc.

• (iii) A question and answer related to the possibility of the EU27 and the UK negotiating a transition period, and the potential for firms to plan on the basis that there will be a transition period until the end of 2020 has been removed.

• (iv) The CBI has deleted two questions and answers regarding the Multilateral Memorandum of Understanding (‘MMoU’). It was previously stated that MMoUs would cover supervisory co-operation, enforcement, and information exchange between individual regulators and the Financial Conduct Authority (‘FCA’) in the UK and would allow them to share information.

• (v) The final deletion of text relates to the area of the Settlement Finality Regulations (‘SFR’) and if it will continue to apply to Irish-domiciled participants in UK based settlement systems if the UK becomes a third country. The original text had stated that the new Irish SFR regime would grant a nine-month automatic temporary designation period to UK systems.

The FAQ are available here.

Cyber Security – Threat Intelligence Based Ethical Red-Teaming – Ireland (‘TIBER IE’) Framework – National Guide

On 20 December, the Central Bank of Ireland (‘CBI’) issued the TIBER-IE National Guide, which sets out how the CBI will implement the TIBER-IE programme. The document explains the roles and responsibilities, plus the requirements of the key stakeholders via a test process. There are two parts to the Guide;

• (i) Part I: Test Process Overview – this section gives a summary of the test process. It also details the roles of the TIBER Cyber team in the CBI, the blue team and the white team in the target entity, and the third-party threat intelligence and red team providers. There is further detail analysing the interactions that take place between all these teams, including dialogue with other national authorities and stakeholders.

• (ii) Part II: Test Phase Requirements & Expectations – the requirements and expectations are detailed in the three separate test phases

The first phase is called the preparation phase and lasts roughly four to six weeks. At this point the engagement for the TIBER-EU test is formally launched and the TIBER cyber team begin to liaise with the participating entity. The scope of the project

Ireland AWM Regulatory Update | 05

AWM regulatory landscape: November 2019 – January 2020

is also established, and the entity procures the threat intelligence and red team providers.

This is followed by the test phase which comprises of a target threat intelligence gathering on the financial institution which results in detailed test scenarios.

Lastly, the closure phase is made up of a number of ‘close-down activities’ essentially winding up the test phase. These activities include the completion and wrap up of tests and reports conducted by the red, blue, and purple teams during the test phase. It lasts approximately four weeks in total.

The Guide is available here.

Data Protection – Quick Guide to the Principles of Data Protection

On 7 November 2019, the Data Protection Commission (‘DPC’) released a Guidance document covering the seven key principles found in Article 5 of the General Data Protection Regulation (‘GDPR’) related to the processing of personal data which controllers need to be aware of and comply with when collecting and processing personal data. These principles are found at the outset and through GDPR and inform and permeate all other provisions of that legislation. The seven principles are as follows;

• (i) Lawfulness, fairness, and transparency – personal data must be processed in a manner that has a legal basis under GDPR, fair towards the individual whose personal data is concerned, and clear/transparent to regulators and individuals.

• (ii) Purpose limitation – personal data must be collected for specified, explicit, and legitimate purposes which are determined at the time of collection.

• (iii) Data minimisation – controllers are only to collect, and process personal data that is adequate, relevant, and limited to what is necessary for the purposes of processing the data.

• (iv) Accuracy – controllers must ensure that data is accurate, and up to date.

• (v) Storage limitation – controllers must hold data in a form which allows the identification of

individuals, and for no longer than is necessary for the purposes of processing the data.

• (vi) Integrity and confidentiality – personal data must be processed by controllers in a manner that ensures the appropriate level of security and confidentiality.

• (vii) Accountability – this new principle sets out that controllers must be able to demonstrate compliance with the other principles of data protection.

The Guidance is available here.

Data Protection – Guidance for Organisations Engaging Cloud Service Providers

On 27 November 2019, the Data Protection Commission (‘DPC’) announced a set of guidelines for organisations engaging cloud service providers. There are five key areas covered in the document;

• (i) Cloud computing definition – there are generally three different service models for cloud computing available to organisations. In its most advanced form the cloud provider deals with all aspects of the processing of the data on behalf of the client, apart from the raw data inputted by individual users. The cloud organisation provides the operating system to run the necessary software, the physical infrastructure in a datacentre, and the software needed to process the data itself.

• (ii) Security considerations around cloud computing – this is split into two main categories; (a) the controller must be satisfied that the processor (the cloud provider) will only process the data in accordance with the controller’s instructions, and (b) the controllers must be satisfied that the cloud provider has accounted for the risks presented from accidental or unlawful damages.

• (iii) Transparency requirements – cloud providers must be able to account for their processing operations to the satisfaction of its customers, and controllers in turn must be able to provide this information to data subjects.

06 | Ireland AWM Regulatory Update

AWM regulatory landscape: November 2019 – January 2020

• (iii) Legal Obligation – appropriate in cases where controllers are obliged to process the personal data in order to comply with EU/Irish legislation or the common law.

• (iv) Vital Interests – a less commonly used legal basis which may be used in certain specific situations where other legal bases are not appropriate.

• (v) Public Task – likely to apply to a more limited sub-set of data controllers. This will occur where it is necessary for them to process personal data to complete a task in the public interest or exercise their official authority.

• (vi) Legitimate Interests – this is flexible and versatile legal basis for the processing of personal data. This may apply in scenarios where processing operations do not fit neatly into any of the other legal bases.

The further processing of personal data is only permitted in circumstances where the processing is ‘compatible’ with the purposes for which the personal data was initially collected.

The Guidance Note is available here.

Enforcement/Breaches – ASP Sanctions Guidance

On 14 November 2019, the Central Bank of Ireland (‘CBI’) published new guidance to sanctions imposed under the Administrative Sanctions Procedure (‘ASP’) for the financial services sector. The document gives guidance on the application of a variety of factors relevant to sanctioning under the ASP, including co-operation, remediation, and self-reporting.

It further provides greater transparency by increasing clarity on the CBI’s general approach to sanctioning of individuals and firms. The information should help to promote an improved culture of compliance in financial firms by clarifying the behaviours which may aggravate or mitigate a breach of financial services law.

The Guidance is available here.

Information should be documented, recorded and be readily available if requested.

• (iv) Data location – personal data held in the European Economic Area (‘EEA’) has a common standard of protection. Where a cloud provider is processing personal data outside of the EEA, one of the following mechanisms must be used; data transfers based on an adequacy decision, data transfers subject to appropriate safeguards, and data transfers subject to binding corporate rules.

• (v) Cloud service contracts – GDPR requires that processing by a processor is governed by a contract. Some of the key points for inclusion are; cloud providers may only process the data instructed by controllers, detailed assurance by the cloud provider on security measures, and the enumeration of sub-processors that are engaged by processors and how they are treated by the controllers.

The Guidance is available here.

Data Protection – Guidance Note: Legal Bases for Processing Personal Data

On 17 December 2019, the Data Protection Commission (‘DPC’) released guidance on the legal bases that exist for processing personal data. This information supplements the original text outlined in Article 6 of the GDPR. The aim of this guidance is to help data controllers identify the correct legal basis for processing any personal data, and to outline the connected obligations with each legal basis. Equally the document is useful for data subjects (whose information is being processed), to identify and understand the legal reasoning behind why their data is being processed. There are six clear legal bases explored in detail in the guidance document;

• (i) Consent – this must be freely given, informed, specific, and unambiguous, and it must be made by way of a statement or ‘clear affirmative action’.

• (ii) Contract – a commonly utilized legal basis in scenarios where there is a contractual relationship between the data subject and the data controller.

Ireland AWM Regulatory Update | 07

AWM regulatory landscape: November 2019 – January 2020

Market Abuse – Dear CEO – Wholesale Market Conduct Risk – Industry Communication 2020

On 22 January 2020, the Central Bank of Ireland (‘CBI’) issued an industry wide Dear CEO letter on the topic of wholesale market conduct risk. Over the course of 2019, the CBI used a variety of supervisory tools to assess this area, involving direct engagements, on-site inspections, and branch visits to Irish entities based in other jurisdictions. Furthermore, there were in excess of 150 interviews undertaken of frontline staff, risk and compliance officers, directors, and CEOs.

The document contains an in-depth appendix of the detailed findings from the work in 2019. The key theme linked to these findings is that entities may not have been adequately identifying the market conduct risk to which they are exposed, which in turn causes inadequate mitigation and management of this risk. This failure is due to three key causes as identified by the CBI;

• (i) Inadequate governance of market conduct risk – It is the CBI’s expectation that senior management and Boards of regulated entities take full ownership of governance in this area. This is achieved by establishing sufficient control for the adequate monitoring of the entity, challenging group decisions, and reporting to the CBI conduct related to the entity’s staff. Compliance with the CBI’s Fitness and Probity Regime must be fully embedded into the organisational arrangements of entities at local and branch level.

• (ii) Inadequate market conduct risk framework – These frameworks coupled with relevant controls that staff can easily understand, must also be embedded into the organisational requirements of regulated entities.

• (iii) Failure to identify the risk of market abuse – In line with current Market Abuse Regulation and related legislation, the CBI expects regulated entities, issuers, and those who act on behalf of issuers to have systems and controls established to ensure compliance with their obligations. This includes where appropriate, the ability for entities to prevent, detect, and report potentially abusive behaviour.

The Letter is available here.

Fitness & Probity – Minimum Competency Code 2017 and Minimum Competency Regulations 2017 – Questions and Answers (Updated December 2019)

On 09 December 2019, the Central Bank of Ireland (‘CBI’) issued an updated Q&A document relating to the Minimum Competency Code (‘MCC’) 2017 and the Minimum Competency Requirements (‘MCR’) 2017. The purpose of the Q&A is to give additional explanation in areas where there were concerns in the submissions to CP106 or have arisen in relation to the published MCC 2017 and the MCR 2017. This update was the first since its initial publication on 07 February 2018. The changes are laid out in three questions;

• (i) Question 7.4 – this deals with the application of the MCR and the MCC to insurance undertakings and intermediaries. The CBI has clarified that in scope firms will be required to be compliant with the relevant competence and professional knowledge requirements. Additionally, the relevant employees will be required to undertake 15 hours of professional training or development per year.

• (ii) Question 9.5 – a new questions and answer has been added relating to Continuous Professional Development (‘CPD’) hours and ethics. Persons exercising certain controlled functions within firms (as set out in Appendix 3 of the MCC), must complete at least one CPD hour related to ethics. Individuals may complete more than CPD hour; however relevant individuals must be aware it is not appropriate for the bulk of the CPD completed to be focused on one topic.

• (iii) Question 9.6 – consists of a final additional question to the Q&A, regarding CPD hours and modules relating to diversity, culture, and inclusion. These areas are not to be considered part of CPD, as they are not listed in Appendix 3 of the MCC. The reason for this is that they are considered part of the general operation of the firm, as opposed to technical knowledge required by individuals undertaking a controlled function within the scope of the MCC.

The Q&A is available here.

08 | Ireland AWM Regulatory Update

AWM regulatory landscape: November 2019 – January 2020

• (iii) Interlinkages – details of consolidation, guarantees, and related parties.

• (iv) Administration – information relating to the representative and the reporting agent completing the form.

• (v) Sign Off – concerns the contact details of the company or the individual in the company submitting the registration form.

Registrations of SPEs must be made to the CBI no later than five working days after it conducts any financial transactions.

The Guidance Note is available here.

UCITS – Regulatory Information: Central Bank Changes to the Post-Authorisation Submission Process for UCITS

On 28 November 2019, Irish Funds (‘IF’) released a copy of an email on their website received from the CBI, which lays out changes to the post-authorisation submission process for Undertakings for Collective Investment in Transferable Securities Directive (‘UCITS’) and Retail Investor Alternative Investor Funds (‘RIAIF’s).

The process has now moved from hard copy to soft copy, and submissions should be sent to fundspostauthorisation@centralbank.ie, at a max size of 25MB per email, and in adherence to the following guidelines;

• (i) All submitted application forms and fund documents should be in searchable format (i.e. PDF/Word) and executed letters should be sent in scanned format.

• (ii) All relevant documents required for review should be included in submissions. Any subsequent updates will only result in a delay issuing comments.

• (iii) Email should include submissions for maximum one standalone/umbrella fund (an email attempting to cover multiple umbrella funds will not be accepted).

• (iv) The nature of the submission should be covered in the subject line of the email, e.g. ‘XYZ Fund Plc – Prospectus and New Sub-Fund’.

MIFID / MIFIR – Reporting Requirements for MIFID Investment Firms – January 2020

On 9 January 2020, the CBI published updated reporting requirements for Markets in Financial Instruments Directive (‘MiFID’) Investment firms for 2020. The requirements are summarised in a detailed form linked below. It is broken into four columns of information based on the related name of the returns, to whom the returns are applicable, the return frequency required, and any supporting relevant guidance notes or comments. There are four listed types of returns in the document;

• (i) Audited / Management Accounts & Related Returns

• (ii) Capital Requirements Directive (‘CRD’) IV Returns

• (iii) Other Scheduled Online Reporting System (‘ONR’) Returns

• (iv) Ad-Hoc Returns

There are over 30 separate individual types of returns detailed within these four categories that are all clearly outlined in the comprehensive document.

The Document is available here.

Securitisation - Special Purpose Entities (SPE) – FVC and SPV Registration Form – Guidance Notes (December 2019)

On 18 December 2019, the Central Bank of Ireland (CBI’) released Guidance Notes in relation to registration forms for two types of Special Purpose Entities (‘SPE’) entities – Irish-resident securitisation vehicles (‘FVC’s) and Irish resident section 110 companies (‘SPV’s). The document is a useful guide for users in illustrating the registration process for registering a SPE with the CBI to fulfill the reporting requirement. There are five sections in the Guidance;

• (i) SPE Registration – information relating to the legal form and structure of the company.

• (ii) SPE Activity Information – details of the expected transactions and size of the entity.

Ireland AWM Regulatory Update | 09

AWM regulatory landscape: November 2019 – January 2020

Finally, it should be noted that the submission deadlines have not changed at this moment in time.

The Press Release is available here.

UCITS – Questions and Answers – 28th Edition

On 30 January 2020, the Central Bank of Ireland (‘CBI’) released its twenty eighth edition of the Undertakings for the Collective Investment in Transferable Securities (‘UCITS’) Q&A document.

This update contains one new section from the previous update on 16 July 2019. It covers the question of whether a UCITS can invest in contracts for difference (‘CFDs’), collateralised loan obligations, contingent securities (‘CoCos’) or binary options (ID 1094).

The Q&A states that if this was being proposed as an investment strategy, that a UCITS may be subject to enhanced scrutiny at the authorisation phase in order that the CBI is comfortable that the proposal was taking into account the overall portfolio of assets proposed.

Furthermore, firms are reminded that the UCITS regime is a product framework intended to be suitable for retail investors. It contains requirements designed to support investor protection, diversification, liquidity, valuation, risk management, oversight, safekeeping of assets, and rules around eligible assets. UCITS proposing to invest in these positions must be mindful to ensure compliance around the requirements in each of these areas.

The Q&A is available here.

10 | Ireland AWM Regulatory Update

Innovation & technology: the latest developments

• Payments – mostly relating to the second Payments Services Directive (‘PSD2’) and Brexit.

• Regtech – particularly Know Your Customer (‘KYC’).

The CBI has agreed on three key methods which will define its approach to dealing with the challenge of sufficiently organising itself against rapid technological innovation.

• (i) Creation of a Hub and Spokes model including the use of Cross-Bank Innovation Steering Committee.

• (ii) Prioritisation of resources by identifying the key areas that require focus where the CBI believes it can add the most value.

• (iii) Thematic approach by analysing a range of overarching themes related to technological innovation. These areas are consumer protection, big data, crypto assets, anti-money laundering (‘AML’), and Financial Supervision.

Mr Cross’ speech is available here.

In late November 2019, the Director of Policy & Risk of the Central Bank of Ireland (‘CBI’) Gerry Cross spoke at the Digital Finance Summit in Brussels, in which he addressed the close relationship between technological innovation and financial regulation.

The recent advances in technology have brought about deep and rapid change in the financial services sector. In order to ensure that it is effectively supervising firms in light of the widespread technological developments, the CBI established an Innovation Hub (‘Hub’) in April 2018 to bring about engagement with the FinTech sector. The Hub provides a path for the CBI to engage more closely with entities/persons working in fintech innovation, improve the dialogue with innovators on regulatory aspects, and ensure newly established firms are better placed to comply with applicable financial regulation.

The Hub can establish how innovators in the sector are targeting the core functions of financial services in order to create a more digital user-friendly experience. It has had in excess of 150 engagements with both individuals and firms in key areas including;

• Market & Exchanges – largely involving blockchain related applications.

Ireland AWM Regulatory Update | 11

Innovation & technology: the latest developments

Innovation Hub Enquiries – Total Engagements (since launch)

Subsector Enquiry Findings – Fintech Subsector

ENQUIRIESFROM FIRMS

MARKETS AND EXCHANGES

N/A – (E.G. ACADEMIC INSTITUTION PROFESSIONAL SERVICES COMPANY)

PAYMENTS

REGTECH

ANALYTICS

INSURTECH

INVESTMENTS AND ADVICE

LENDING

PROPTECH

STAKEHOLDERENGAGEMENTS

TOTALENGAGEMENTS 114 52

0 50 100 150 200

Source: Central Bank of Ireland – Innovation Hub: 2019 Update

Source: Central Bank of Ireland – Innovation Hub: 2019 Update

16%

10%

19%

26%

7%

4%

4%

7%7%

12 | Ireland AWM Regulatory Update

Innovation & technology: the latest developments

Boards have a duty to consider the way in which they use data and technology in customer interactions. If this is done in line with the firm’s stated values, it will lead to long-standing good governance practices. Particular focus needs to be paid to the below areas;

• (i) Outsourcing – Firms are reminded that while services can be outsourced, the responsibility can never be delegated. Due to the advances in cloud computing there has been an increase in the reliance on third parties who hold data as part of outsourcing arrangements. The CBI reminds all firms that if something goes wrong with their data in these scenarios, they will be reliant on somebody else to fix the issue.

• (ii) Risk Management – Business models are ever increasingly becoming more data centric, and therefore require better quality and security of data from a governance perspective. Firms must implement appropriate I.T. risk management so that it can become an enabler to these changing models.

• (iii) Culture – There is an increased risk of misconduct around the use of customer data as the quantity and demands around this type of data grows exponentially. The CBI have made it clear that sustainable innovation cannot be attained without the proper culture and mindset to support it.

The full speech is available here.

On 29 November 2019, the Deputy Governor of the Central Bank of Ireland (‘CBI’) Ed Sibley gave a speech outlining the CBI’s perspective on innovation in financial services firms. Mr Sibley acknowledged that due to the current pace of change in the industry, people and services need to become smarter and more effective to deal with the rate of innovative developments. Firms must make informed choices by understanding the risks involved when they make changes to their business processes. This can be efficiently looked at from top-down (through governance, strategy, risk management, oversight, etc), and bottom-up approaches (operational resilience and the management of technology). One of the key focuses at the CBI is ensuring it can meet its responsibilities as a regulator within the framework of new innovative facilities and solutions.

It remains a core competency at the CBI to have sufficient data analytics capabilities and related technology infrastructure to deal new innovative updates in the industry. As innovation tends to develop at a faster rate than regulation, the CBI is acutely aware it must ensure that the appropriate resources and skills are on hand to meet this constant challenge.

Mr Sibley further noted that all firms whether newly authorised or well-established need to ensure their systems and data are secure and reliable to meet customer requirements. This can be achieved by;

• Aligning business and I.T. strategy.

• Consistency between risk appetite and I.T. risk profile.

• Maintaining robust I.T. security arrangements and risk management.

• Managing I.T. assets by way of risk assessments.

• Monitoring closely the processes and systems that support business services.

Ireland AWM Regulatory Update | 13

PwC & Artificial Intelligence – AI you can trust

investment product or stock selection. Reputational risk of AI is present, such as in customer engagement robots that acquire biases through intervention or even standard training. Therefore, it is of utmost importance to install a governance framework and governance processes right from the beginning of the development of an AI solution in order to minimise such risks.

At PwC, we have developed a Responsible AI Toolkit that addresses the five key dimensions with regards to AI applications – governance, ethics and regulation, interpretability & explainability, robustness & security, and bias & fairness – which allows companies to systematically deal with the key issues at hand. However, the key to responsible AI is an end-to-end enterprise governance that serves as a base for all five of these dimensions. A comprehensive governance provides support at each step of your organisation’s AI implementation, anticipating risks and providing quality controls along the way.

AI governance needs to have answers to critical questions

Historically, governance functions have only had to deal with static processes. But one important characteristic of AI processes is that they are dynamic and adaptive – and thus AI governance must be as well. Such a system

AI is here to stay—bringing limitless potential to the Asset and Wealth Management sector. Used wisely, it can determine patterns in the data at scale, identify opportunities for generating returns and reduce cost. However, these benefits can only come from understandable and ethical AI that your stakeholders can trust. A sound end-to-end governance framework can ensure that your AI applications and systems meet their full potential.

Trust your artificial intelligence with proper governance

The digital transformation is progressing rapidly, as humans and machines collaborate more and more closely. AI applications are no longer a concept of the future but are becoming mainstream, with their staggering potential gaining more and more attention. This potential, however, goes hand in hand with risks – at the forefront being the issue of trust and explainability. AI models often provide data-driven decisions, but not the explanations behind these decisions; the answer to the why is missing. Companies must build safe applications that stakeholders can understand and trust in order to truly capitalise on the opportunities of AI.

AI requires people to trust the recommendations of algorithms for business, such as the most suitable

14 | Ireland AWM Regulatory Update

PwC & Artificial Intelligence – AI you can trust

PwC’s AI governance framework

Governance mostly is about adhering to regulatory requirements and company principles. But with regards to AI it is much more; it is the core function that enables a company to build AI solutions that customers and employees can trust and that are ethical.

PwC’s enterprise governance framework encompasses your whole AI journey, regardless of the size of your AI solution:

• Strategy – industry standards, internal policies

• Planning – delivery approach, programme oversight

• Ecosystem – technology roadmap, sourcing, change management

• Development – solution design, data management, model building

• Deployment – integration, execution, evaluation

• Operating and Monitoring

With PwC’s framework for AI, you can continue to build trust in your solutions and products by ensuring that there is accountability and intention behind each part of your AI journey.

If you are interested in how PwC can transform your business using AI, please contact Marie Taylor Ghent, Director in our Data & Analytics Consulting Practice.

Contact Marie Taylor Ghent here.

requires cohesive strategy planning across the organisation, as well as plans to best utilise existing capabilities within the current vendor ecosystem. In addition, it is imperative to consider model monitoring and compliance throughout the model development process.

At its highest level, AI governance should enable an organisation to answer critical questions about the results and the decision-making of AI applications, including:

• Who is accountable?

• How does AI align with the business strategy?

• What processes could be modified to improve the outputs?

• What controls need to be in place in order to track performance and pinpoint problems?

• Are the results consistent and reproducible?

The ability to answer such questions and respond to the outcomes of an AI system requires a more flexible and adaptable form of governance than many organisations may be currently accustomed to. Whereas governance systems in the past have worked well with more predictable processes, the continued introduction of AI requires flexibility in governance in order to maintain accountability and clarity for all stakeholders. In addition to increased adaptability, the governance framework must also span the entire AI lifecycle and capture each single step and process in order to react quickly when needed.

a winning

proposal

Creating

Proposal Hub

PwC Ireland a winning

proposal

Creating

Proposal Hub

PwC Ireland

a winning

proposal

Creating

Proposal Hub

PwC Ireland

Bias & Fairness Interpretability & Explainability Robustness & Security

Pe

rfo

rma

nc

e

Ethics and Regulation

Governance

Ireland AWM Regulatory Update | 15

Central Bank of Ireland Supervision: the latest developments

As a result of Brexit there has been a renewed focus on supervisory convergence across the European Union (‘EU’). For example, the CBI is participating in European Securities and Markets Authority (‘ESMA’’s) 2020 common supervisory action on liquidity management by Undertakings for Collective Investment in Transferable Securities (‘UCITS’). There is an awareness that convergence on this scale will protect investor right across the EU. Mr Hodson stressed that it is not the role of the CBI to inhibit growth, but moreover to keep pace with the industry to ensure its policies and strategies all sufficiently up to date.

The CBI’s supervision priorities of 2020 will focus on the following areas;

• (i) Consultation work on investment fund errors.

• (ii) Successful implementation of the Investment Firms Regulation and Investment Firms Directive (‘the IFR’).

On 03 December 2019, the Director of Asset Management and Investment Banking of the Central Bank of Ireland (‘CBI’) Michael Hodson addressed the Funds Forum 2019 in which he covered the topic of supervision touching on its evolution, supervisory convergence, and the CBI’s supervisory priorities for 2020.

The CBI has introduced an updated supervision framework for the financial services sector, from its original introduction via the Probability Risk and Impact System (‘PRISM’) in 2011. The purpose of this is to deal with the more complex financial services landscape. Mr Hodson detailed how the CBI is currently undertaking two internal reviews; one in relation to its engagement models and the other regarding the best approach for dealing with impact relating to specific prudential impact models. Firms can expect to hear from the CBI in early 2020 as communications are made from the CBI in relation to any changes to their impact categorisations.

16 | Ireland AWM Regulatory Update

Central Bank of Ireland Supervision: the latest developments

• (iv) Fitness & Probity (‘F&P’) – it is the aim of the CBI that only fit and proper persons occupy senior roles in financial institutions in Ireland, and consequently there have been a nearly 100 applications either refused or withdrawn due to CBI challenges. Firms are remined that the assessment of individuals’ F&P is primarily their responsibility.

• (v) ESG – Disclosure obligations are due to come into force in 2021 relating to the due diligence process undertaken by fund managers and Markets in Financial Instruments Directive (‘MiFID’) firms on the ‘principal adverse impacts’ of investment decisions they make on sustainability factors. Firms with a headcount below 500 persons must set out clear reasons why they do not consider the adverse impacts of investment decisions on sustainability, if they wish to remain exempt from the proposed rules.

Ultimately the CBI hopes that firms will prioritise conduct, culture, and customers on the board agenda in 2020 and beyond into this decade.

Read the full speech here.

• (iii) Emphasis on the market-based finance sector domiciled in Ireland.

• (iv) Review of the Irish Client Asset Regime.

• (v) Conclusion of the thematic review of fund management company effectiveness (‘CP86’)

• (vi) Risk assessments and engagement meetings in conjunction with the CBI’s risk-based approach to supervision.

• (vii) Focus on liquidity risk and leverage in the non-banking sector.

Mr Hodson’s speech is available here.

On 15 January 2020, the Director General of Financial Conduct at the Central Bank of Ireland (‘CBI’) Derville Rowland visited the Chartered Accountants House in Dublin and gave an update on the CBI’s 2020 priorities in an address to the Association of Compliance Officers of Ireland (‘ACOI’). Ms Rowland spoke in detail about several key focus areas including the following;

• (i) Consumer Protection – in each sector that the CBI supervises, it will assess the risks and then prioritise the areas where its interventions will have the greatest impact in preventing harm to consumers. One of the key risks that has been identified across the financial services sector is related to the lack of a consumer-focussed culture.

• (ii) Protecting Investors & Market Integrity – the CBI recognises the need for a more effective approach to the supervision of conduct on wholesale securities markets. It is currently developing a more systematic risk-based approach via consideration of international best practice in this area.

• (iii) Anti Money Laundering (‘AML’) and Terrorist Financing (‘TF’) Prevention – there will be a particular focus on transaction monitoring to ensure the detection of suspicious activities, and risk assessments as a method of measuring the effectiveness of the firm’s control framework.

Ireland AWM Regulatory Update | 17

Upcoming deadlines

February 2020 • UCITS KIID: An Undertakings for the Collective Investment in Transferable Securities (‘UCITS’) must update its Key Investor Information document (KIID) on an annual basis for each sub-fund/standalone fund within 35 business days of the end of each calendar year. For 2020, the annual update of the KIID must be filed no later than 19 February 2020 (where required).

• Fund Profile Return: The annual CBI Fund Profile Return is required for all Irish authorised sub-funds. It is to be prepared for the period up to 31 December 2019, with a submission deadline via the Online Reporting System (‘ONR’) of 28 February 2020. The CBI does not anticipate that the fund profile will change from year to year, as changes would most probably reflect changes within the fund’s offering documents. Therefore, year-to-year updates to the fund profile are expected to be minimal and reflect significant changes. The CBI issued guidance and a template.

March 2020 • Thematic review of closet indexing: CBI requires documentation updates that have been triggered by its thematic review of closet indexing to be completed by 31 March 2020.

• MMFR quarterly reporting: Money Market Fund (‘MMF’) managers must send their first quarterly reports to national regulators by the 31 March 2020 as clarified by the European Securities and Markets Authority (‘ESMA’).

• Liquidity Questionnaire: The CBI communicated with certain Irish UCITS fund management companies on 6 February 2020 to advise them that will be required to complete a detailed UCITS liquidity questionnaire. Recipients will be given roughly 3 weeks to complete the document, with submission required to the CBI by early March 2020.

April 2020 • Depositary Safe-Keeping for UCITS and AIFs: The Depositary Safe-Keeping Regulation (AIFMD) and the Depositary Safe-Keeping Regulation (UCITS) apply from 1 April 2020 (having entered into force on 19 November 2018). The regulations set out detailed UCITS and AIFMD requirements where custody is delegated to a third party (a sub-custodian). They amend existing requirements in respect of: (i) record keeping, (ii) asset segregation, (iii) contractual requirements, (iv) reconciliations, and (v) insolvency requirements, where custody is delegated to a third party in a third country. UCITS Funds with calendar year ends have to file their Annual Report and Audited and their Annual FDI Report with the CBI by 30 April 2020. UCITS Management Companies and AIFMs with calendar years ends have to file their Annual Audited Accounts and their Minimum Capital Requirements Report and bank statements with the CBI.

18 | Ireland AWM Regulatory Update

PwC Asset & Wealth Management Credentials

Financial Statements Audit

Trust is an important factor in gaining and sustaining the confidence of your stakeholders.

Using our experience and proven track record we can provide the smooth and efficient audit needed to give comfort to you and your stakeholders.

Tax Advice

We have a dedicated group of tax professionals, focused on international and local tax issues facing fund managers. We have a wealth of resources and expertise to assist you in addressing the various tax challenges such as:

• Corporate tax advice

• Financial transactions taxes

• Transfer pricing

• International tax consulting services

• Global tax compliance services

• VAT services

Regulatory Advisory Services

Regulatory change has imposed significant additional requirements and costs on all fund managers. Our suite of services includes:

• Advice on regulatory obligations

• Assurance on regulatory reporting systems and controls

• Assistance with Central Bank of Ireland regulatory authorisations

• Regulatory remediation support

As a firm we are proud of the depth and breadth of insights and access to networks we can bring to our clients. In Ireland and internationally, we have an unrivalled client base that allows us to identify and share developing trends and issues.

A dedicated Asset & Wealth Management team with unrivalled experience. It is our people, our experience and our passion to contribute to your success that makes us the right team for you. Our Asset & Wealth Management group is the largest in Ireland with nearly 400 investment professionals and staff.

Building on our track record of delivering alternative thinking. We use our knowledge to both shape and drive regulation and help our clients, not just in implementing new standards and requirements, but to prepare for future requirements and to ensure that products are properly designed.

Ireland AWM Regulatory Update | 19

Operations Effectiveness

Asset management companies face people, process and cost challenges similar to many other financial services companies. Our suite of services to help firms to overcome these challenges includes:

• Process intelligence

• Drafting or updating process maps and procedures manuals

• Pre/Post acquisition/disposal services

• Client Assets/Investor Money advice

• Outsourcing/off shoring advice and reviews

Digital, Data, Technology and Cyber Services

Asset management entities are faced with digital, technological, information security and data issues similar to many other financial services companies, while they also seek to simplify business models and improve efficiency. PwC can assist by improving existing technology and helping with new solutions, while keeping your systems secure. Our suite of services includes:

• Digital strategy and system selection support

• System implementation

• Cyber security services

• Project management of IT/Digital projects

Governance

Boards of Directors often need support to adapt to the fast pace of change within the industry. In addition, they will often seek an additional layer of comfort over the companies they are over-seeing. Our suite of services includes:

• Corporate governance reviews

• Assistance with Compliance or Risk Management Frameworks

• Reviewing approaches to Organisation Effectiveness

• Tailored director training

Independent Valuation Services

We have the know-how, experience and network to select and use the right valuation approach and judgements.

We can help you assess, design and implement best in class valuation operating models and governance structures.

We can assist in the establishment of a Valuation Committee, advising as to its composition, mandate and accountabilities, specifying a reporting and monitoring plan.

Internal Audit Services

Directors and senior management of fund management companies need to understand the organisation’s objectives, risk management priorities, regulatory environment and critical stakeholders’ needs to maximise the value and effectiveness of the internal audit function. We can help by:

• Developing and assessing whether your internal audit and risk management methodologies are delivering as effectively as possible to stakeholders.

• Solving your resourcing problems including full outsourcing or complementing your team with specialist skills or geographical coverage.

• Developing training solutions unique to your business using our extensive market and industry knowledge.

Strategy and Distribution Advice

At its core Strategy is about helping clients to make choices - which market they want to play in, what products/services they need to win with and what capabilities they should leverage.

The strategy team undertake corporate plans, feasibility studies, commercial due diligence and market research.

PwC Asset & Wealth Management Credentials

20 | Ireland AWM Regulatory Update

Lesley Bell DirectorAsset & Wealth Management Advisory M: +353 1 792 8133lesley.bell@pwc.com

Geraldine Brehony Senior ManagerAsset & Wealth Management Advisory geraldine.brehony@pwc.comT: +353 1 792 8037

Ken OwensPartnerAsset & Wealth Management AdvisoryT: +353 1 792 8542ken.owens@pwc.com

Kenneth O’Donnell ManagerAsset & Wealth Management Advisory kennethodonnell@pwc.comT: +353 1 792 6224

Philip Cullen AssociateAsset & Wealth Management Advisory cullen.philip@pwc.comT: +353 1 792 5866

Louise Treacy Senior ManagerAsset & Wealth Management Advisory louise.m.treacy@pwc.comT: +353 1 792 8086

Michelle Forkan ManagerAsset & Wealth Management Advisory michelle.forkan@pwc.comT: +353 1 792 8811

Tara DooganManagerAsset & Wealth Management Advisory tara.doogan@pwc.comT: +353 1 792 6682

Our team

At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 157 countries with over 276,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at www.pwc.ie. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details. © 2020 PwC. All rights reserved. 06698_0220